
Re: wavedreamer post# 239459

Monday, 11/03/2014 5:37:48 PM

Post# of 249236
Barge,

Take a look at the device health claim diagram that NSTIC is developing into their Trust Framework section to get an idea of what is coming and what part attestation services will provide to relying parties like banks, enterprises, etc.

And Wave provides a product technology (WEM) as a reporting agent that can be used in that Trust Framework. Or, as Alea calls it, the Trust Matrix.



"Use Case Description

Establish an integrity (aka health) claim for a device that, together with other security measures, is good evidence of the integrity of the information exchanged with the user. Today many relying parties do ensure that users can only access their services with devices that are known to be in the possession of the user. This case extends that to allow the relying party to specifically request an integrity claim from the user's device.

Integrity has two meanings in computer security. The first relates to the device not having been changed in any way since it was created. The second relates to the device reliably behaving in an expected manner. In a modern operating system, with vulnerabilities patched every month, the former definition is not practical, and so the latter definition is the one that applies in this use case.


This use case distinguishes between two actors which are typically conflated in other use cases. The user is a carbon-based life form that has no innate capability to interface to any digital network. The user device is a silicon-based life form that is extremely good at interfacing to the digital networks at high speed, but communicates only a few bits per second to the user with a user experience that is often sub-optimal. For high value resources on the network, the resource owner would like to assure that the data once available on the user device is not leaked to unauthorized users. This is not possible if the resource owner (aka the relying party) does not trust the user's device's integrity with respect to confidential material placed on the device. There are other mechanisms to control data leakage, like remote device wipe, which are to be considered in other use cases.

CUT

"Process Flow

- The user establishes an account with one or more IdPs.
- The user's device is registered with a device attribute provider.
- The user accesses a web site which requires identity attributes of some sort to continue to process the user request. That web site then becomes a relying party.
- The RP uses a standard protocol and taxonomy to request the information needed from the user.
- This request for information is intercepted by an agent for the user that can:
  - Determine if the requested information is available,
  - Determine if the user has already authorized release of the requested information to this RP,
  - Display any remaining choices to the user to acquire more attributes or release those already available,
  - Compose user and device claims in a way the RP can evaluate the data,
  - Send the composed claims to the RP, who has sole responsibility to determine if sufficient identity and attribute information has been proved to provide the requested access.
- Repeat these steps until the RP is satisfied or one side gives up and abandons the effort.

The above figure shows the user agent as a part of the user device. Other implementations are certainly possible. It is responsible for collecting, storing and releasing a collection of claims to the relying party based on informed user consent.
The Secure Token Service / Device Attribute Provider is called a remote attestation service in some environments. It accepts the information created by the device at boot time in a Trusted Platform Module (TPM) to compare with known good configuration information to attest to the integrity (health) of the device by means of a device attribute claim.


CUT

References and Citations

Privacy Enhancing Technologies are outlined in a companion use case https://www.idecosystem.org/wiki/Privacy_Enhancing_Technologies, which shows various ways to hide the identities of the user and the user device.

Authenticate Windows Azure with ADFS at http://technet.microsoft.com/en-us/magazine/dn250023.aspx

Trusted Platform Module at http://www.trustedcomputinggroup.org/developers/trusted_platform_module/specifications

Endpoint Compliance Profile at http://www.trustedcomputinggroup.org/resources/tnc_endpoint_compliance_profile_specification

NIST SP 800-164 Hardware-Rooted Security in Mobile Devices at http://csrc.nist.gov/publications/drafts/800-164/sp800_164_draft.pdf

Cloud Platform Audit and Asset Management using Hardware-based Identities at http://docs.oasis-open.org/id-cloud/IDCloud-usecases/v1.0/cn01/IDCloud-usecases-v1.0-cn01.html#_Toc324801965. This OASIS-developed use case describes the companion problem of establishing trust in a cloud provider using a virtual machine environment. The use case is very detailed and provides two relevant comparisons to the present use case. First, the devices now in development for users are often enabled on virtual machine technology and so can help with the implementation of device integrity of the user device. Second, providers of identity and attribute data could directly use the OASIS use case to provide proof of their integrity to both the user and to the relying party.


http://www.idecosystem.org/wiki/Device_Integrity_supporting_User_Authentication#Requirements
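As an added example (my own constructed code, not the IDESG wiki's reference material and not Wave's WEM product), here is a toy model of the "Secure Token Service / Device Attribute Provider" step quoted above: the service replays a measured-boot event log through the TPM PCR extend rule, checks that the replayed value reproduces the PCR the device quoted, compares each component measurement against a known-good allowlist, and issues a device health claim for the relying party. The component names, digests and the service key are all constructed for the example; a real deployment would verify a TPM-signed quote rather than a bare PCR value and would sign the claim with the service's own key.

```python
"""Toy remote attestation service for a device health claim (constructed example).

Models the flow described in the IDESG use case: the device reports boot-time
measurements recorded in its TPM, the attribute provider compares them with
known-good configuration, and the result becomes a device attribute claim.
"""
import hashlib
import hmac
import json

# Constructed known-good allowlist: component name -> expected SHA-256 digest.
# Real services would load this from a vendor reference-manifest database.
KNOWN_GOOD = {
    "BIOS": hashlib.sha256(b"bios-v1.2").hexdigest(),
    "BOOTLOADER": hashlib.sha256(b"shim-15.4").hexdigest(),
    "KERNEL": hashlib.sha256(b"vmlinuz-5.15").hexdigest(),
}

# Constructed event logs.  GOOD_LOG is a clean boot; TAMPERED_LOG is the same
# boot with an unrecognised kernel image measured in its place.
GOOD_LOG = list(KNOWN_GOOD.items())
TAMPERED_LOG = GOOD_LOG[:2] + [
    ("KERNEL", hashlib.sha256(b"vmlinuz-unknown-build").hexdigest())
]

# Constructed key the attribute provider uses to authenticate its claims.
SERVICE_KEY = b"constructed-attestation-service-key"


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend operation: PCR_new = SHA-256(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(event_log):
    """Recompute the PCR from the event log and check each component.

    Returns (replayed_pcr_hex, findings).  The PCR starts at all zeros, as a
    freshly reset TPM PCR does; every logged measurement is extended into it.
    """
    pcr = bytes(32)
    findings = []
    for component, digest_hex in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
        expected = KNOWN_GOOD.get(component)
        if expected is None:
            findings.append(f"unknown component {component}")
        elif expected != digest_hex:
            findings.append(f"{component} measurement does not match known-good")
    return pcr.hex(), findings


def evaluate_quote(event_log, quoted_pcr_hex, signing_key):
    """Produce a device health claim from the log and the device's quoted PCR.

    Two independent checks: the log must reproduce the quoted PCR (otherwise
    the log was edited after the fact), and every measurement must be on the
    allowlist (otherwise the device booted unapproved software).
    """
    replayed, findings = replay_log(event_log)
    if replayed != quoted_pcr_hex:
        findings.append("event log does not reproduce the quoted PCR value")
    claim = {
        "device_health": "healthy" if not findings else "unhealthy",
        "findings": findings,
    }
    payload = json.dumps(claim, sort_keys=True).encode()
    claim["mac"] = hmac.new(signing_key, payload, "sha256").hexdigest()
    return claim


def verify_claim(claim, signing_key) -> bool:
    """Relying-party side: check the claim really came from the provider."""
    body = {k: v for k, v in claim.items() if k != "mac"}
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(signing_key, payload, "sha256").hexdigest()
    return hmac.compare_digest(expected, claim.get("mac", ""))


def demo():
    """Three scenarios: clean boot, tampered boot, and a forged event log."""
    clean = evaluate_quote(GOOD_LOG, replay_log(GOOD_LOG)[0], SERVICE_KEY)
    tampered = evaluate_quote(TAMPERED_LOG, replay_log(TAMPERED_LOG)[0], SERVICE_KEY)
    # Log rewritten to look clean, but the TPM still quotes the real boot.
    forged = evaluate_quote(GOOD_LOG, replay_log(TAMPERED_LOG)[0], SERVICE_KEY)
    return clean, tampered, forged


if __name__ == "__main__":
    for name, claim in zip(("clean", "tampered", "forged"), demo()):
        print(name, json.dumps(claim, indent=2))
```

The point of the two checks is that neither alone is enough: an honest device running unapproved software passes the replay check but fails the allowlist, while a device whose event log was edited passes the allowlist but fails the replay against the TPM-held PCR. The relying party never sees the raw measurements, only the authenticated claim, which is the privacy property the use case's companion page is about.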
